Blog

Android Ransomware Infections Declined in 2017

Android users have a reason to cheer. According to the latest report by ESET, the number of ransomware attacks targeting Android devices declined in 2017. The decline represents a bit of an anomaly, given that in 2017, the most common type of malware attack (by a wide margin) was ransomware. Given that security researchers can't name a particular reason for the decline, it's important not to read too much into the data. Whether there are declining figures or not, ransomware attacks still played a prominent role in last year's threat landscape across a whole spectrum of devices. This year is shaping up to be no different.

Where Android-based ransomware attacks were concerned, several old standbys were still seeing frequent use, including both Charger and SimpleLocker. The most prominent new player in 2017 was DoubleLocker, which was first seen in the wild last October. It is unique in that it was the first Android malware to take advantage of a vulnerability in the Accessibility service to gain admin rights and infect users.

Interestingly, Android-based banking Trojans have been abusing the Accessibility service for literally years. It's not immediately clear why hackers didn't begin using it as an attack vector where ransomware was concerned until the appearance of DoubleLocker. Now that it's on the scene, we can expect to see an increasing number of similar attacks.

In any case, given the fact that ransomware is poised to dominate the threat landscape in 2018, all users would do well to stay on their guard. The slight decline in ransomware attacks against Android users, (while a welcome sight), is probably going to be short-lived. If there's one thing you can be sure of, it is that 2018 will be another record-breaking year where hacking attacks are concerned.